mirror of
https://github.com/hashcat/hashcat.git
synced 2024-12-23 23:19:09 +00:00
Merge pull request #1072 from philsmd/master
-m 11400 = SIP digest authentication (MD5): added bound checks in parser
This commit is contained in:
commit
ddace83b41
@ -78,6 +78,7 @@
|
|||||||
- OpenCL Device: Do a check on available constant memory size and abort if it's less than 64kB
|
- OpenCL Device: Do a check on available constant memory size and abort if it's less than 64kB
|
||||||
- File Reads: Improved error detection on file reads, especially when getting the file stats
|
- File Reads: Improved error detection on file reads, especially when getting the file stats
|
||||||
- File Locking: Improved error detection on file locks
|
- File Locking: Improved error detection on file locks
|
||||||
|
- Hash Parsing: Added additional bound checks for the SIP digest authentication (MD5) parser (-m 11400)
|
||||||
- Sessions: Move out handling of multiple instance from restore file into separate pidfile
|
- Sessions: Move out handling of multiple instance from restore file into separate pidfile
|
||||||
- Threads: Restored strerror as %m is unsupported by the BSDs
|
- Threads: Restored strerror as %m is unsupported by the BSDs
|
||||||
- Wordlists: Fixed memory leak in case access a file in a wordlist folder fails
|
- Wordlists: Fixed memory leak in case access a file in a wordlist folder fails
|
||||||
|
@ -10998,6 +10998,13 @@ int sip_auth_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_U
|
|||||||
|
|
||||||
u32 md5_max_len = 4 * 64;
|
u32 md5_max_len = 4 * 64;
|
||||||
|
|
||||||
|
u32 total_length = method_len + 1 + URI_prefix_len + URI_prefix_len + URI_resource_len + URI_suffix_len + URI_suffix_len;
|
||||||
|
|
||||||
|
if (URI_prefix_len) total_length++;
|
||||||
|
if (URI_suffix_len) total_length++;
|
||||||
|
|
||||||
|
if (total_length > md5_max_len) return (PARSER_SALT_LENGTH);
|
||||||
|
|
||||||
u32 md5_remaining_len = md5_max_len;
|
u32 md5_remaining_len = md5_max_len;
|
||||||
|
|
||||||
u32 tmp_md5_buf[64] = { 0 };
|
u32 tmp_md5_buf[64] = { 0 };
|
||||||
|
Loading…
Reference in New Issue
Block a user